PAM database commands
I'm trying to block specific database commands. I have the DB connector set up. I can see the commands in the report. What should I do in order to block a specific command (i.e., DROP *)? I added a rule "if command in block_list" authorize no, but the command still works. Any help would be appreciated.
Re: PAM database commands
This is called "Command Risk" in PAM. Command usage can trigger Auto Disconnect and/or Auto Block of the user. Details can be found below:
For "DROP *", I might add a command here with regex to capture the lowercase entry of it:
Try setting the Risk level high (0-9), then check the keystroke report of a user's session using the command and notice the audit is marked with an associated risk color.
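An added example, not part of the thread or the product's own configuration: a small offline check for a candidate DROP pattern before it is entered as a command risk rule. The pattern, the object-type list and the sample commands are constructed assumptions, and the regex is in Python `re` syntax, since the dialect PAM accepts is not stated here.

```python
import re

# Assumed pattern, not taken from the thread: DROP as a statement keyword in
# any letter case, followed by an object type. Written in Python "re" syntax.
DROP_RULE = re.compile(
    r"(?:^|;)\s*drop\s+(?:table|database|schema|index|view|user)\b",
    re.IGNORECASE,
)

# Constructed sample commands, shaped like lines from a keystroke report.
SAMPLE_COMMANDS = [
    "DROP TABLE customers;",
    "drop table customers;",
    "  Drop   Database hr",
    "SELECT 1; drop view v_sales",
    "SELECT drop_count FROM stats",
    "SELECT * FROM airdrops WHERE id = 7",
]


def flagged(commands, rule=DROP_RULE):
    """Return the commands the rule would mark as risky."""
    return [c for c in commands if rule.search(c)]


def missed_variants(keyword_rule, statement):
    """Return letter-case variants of a statement that the rule fails to match."""
    variants = {statement.upper(), statement.lower(), statement.title(),
                statement.swapcase()}
    return sorted(v for v in variants if not keyword_rule.search(v))


if __name__ == "__main__":
    for cmd in SAMPLE_COMMANDS:
        print("RISK" if DROP_RULE.search(cmd) else "ok  ", repr(cmd))
    # An uppercase-only rule shows the gap the reply is pointing at.
    upper_only = re.compile(r"DROP\s+TABLE")
    print(missed_variants(upper_only, "DROP TABLE customers"))
```

After adding the rule in PAM, run the same sample commands in a test session and confirm in the keystroke report that each expected line carries the risk marking.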